package com.childenglish.shiro;

import java.util.HashSet;
import java.util.Set;
import com.childenglish.entity.SysUser;
import com.childenglish.mapper.SysUserMapper;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;

public class UserRealm extends AuthorizingRealm {

    @Autowired
    private SysUserMapper sysUserMapper;

    /**
     * 授权逻辑
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();

        // 获取当前用户
        Object primaryPrincipal = principals.getPrimaryPrincipal();
        if (primaryPrincipal instanceof SysUser) {
            SysUser user = (SysUser) primaryPrincipal;
            // 添加用户角色
            if (user.getRole() != null) {
                authorizationInfo.addRole(user.getRole());
            }

            // 根据角色设置权限
            Set<String> permissions = new HashSet<>();
            switch (user.getRole()) {
                case "admin":
                    permissions.add("system:manage");
                    permissions.add("system:user:list");
                    permissions.add("system:role:list");
                    permissions.add("system:user:view");
                    permissions.add("system:user:edit");
                    permissions.add("system:user:delete");
                    permissions.add("system:role:view");
                    permissions.add("system:role:edit");
                    permissions.add("system:role:delete");
                    permissions.add("system:permission:view");
                    permissions.add("system:permission:edit");
                    break;
                case "teacher":
                    permissions.add("teaching:manage");
                    permissions.add("teaching:class:view");
                    permissions.add("teaching:content:edit");
                    permissions.add("teaching:report:view");
                    break;
                case "parent":
                    permissions.add("parent:manage");
                    permissions.add("parent:child:view");
                    permissions.add("parent:report:view");
                    permissions.add("parent:progress:view");
                    permissions.add("parent:plan:edit");
                    break;
                case "child":
                    permissions.add("learning:manage");
                    permissions.add("learning:listening:view");
                    permissions.add("learning:reading:view");
                    permissions.add("learning:game:view");
                    break;
            }
            authorizationInfo.setStringPermissions(permissions);
        }

        return authorizationInfo;
    }

    /**
     * 认证逻辑
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        UsernamePasswordToken usernamePasswordToken = (UsernamePasswordToken) token;
        String username = usernamePasswordToken.getUsername();

        // 从数据库查询用户（包含角色信息）
        SysUser user = sysUserMapper.findByUsername(username);

        if (user == null) {
            throw new UnknownAccountException("用户不存在");
        }

        // 返回认证信息
        return new SimpleAuthenticationInfo(
                user,                    // principal - 用户信息
                user.getPassword(),      // credentials - 密码
                getName()               // realmName
        );
    }
}